The Financial Action Task Force (FATF) an international, intergovernmental body dedicated to combating money laundering and the financing of terrorism. Established in 1989, the FATF works to align international AML/CFT standards across its 36 current member states by issuing regular guidance to financial authorities. The FATF sets out its approach to AML/CFT in its ‘40 Recommendations’: member-state authorities and financial institutions seeking to understand or find out how to comply with FATF policy should consult the recommendations before implementing them in a manner consistent with domestic legal and financial systems.
FATF recommendations range from implementing international conventions to introducing reporting and due diligence measures. Some of the most important recommendations are summarized below:
Recommendation 1: Risk-Based Approach
The FATF recommends that countries implement a risk-based approach to AML/CFT. This means that each country should identify the level of money laundering and terrorism financing risk that it faces, and take appropriate action in response, including establishing national supervisory authorities and mechanisms to monitor and mitigate those threats. The risk-based approach is considered the foundation of an effective AML/CFT regime and essential for implementing additional FATF recommendations. The risk-based approach is scalable: higher levels of risk mandate more robust measures, while lower levels may be met by simplified measures.
Recommendations 6/7/35: Sanctions
To comply with United Nations Security Council resolutions, the FATF makes several recommendations that member states implement targeted financial sanctions against persons or entities that pose terrorism financing risks, or that engage in the proliferation and financing of weapons of mass destruction. The UNSC resolutions require that countries freeze the funds and assets of those persons and entities immediately and that no further funds or assets be made available. FATF member-states produce and issue sanctions lists that financial institutions can consult prior to establishing business relationships with clients that might pose a risk.
Recommendation 10: Customer Due Diligence
Countries should ensure that their financial institutions put appropriate due diligence procedures in place to prevent customers from opening accounts anonymously or under fictitious names. These due diligence measures should be observed whenever a financial institution begins a new business relationship, when certain types of transactions take place, and when there is suspicion of money laundering or terrorist financing or indeed any doubts about the customers’ identity. The measures should be ongoing and allow financial institutions to verify customer identities, identify beneficial owners, and clarify the nature of business relationships reliably.
Recommendation 12: PEPs
The FATF recommends that financial institutions implement AML/CFT measures to deal with foreign politically exposed persons (PEPs) and the risks they present. Those measures include taking a risk-based approach to individual clients, identifying the source of wealth and funds, conducting ongoing monitoring, and introducing a senior management approval process for the commencement of PEP business relationships. Financial institutions must be able to establish which PEPs present a higher risk and subject those customers to a more robust level of screening. All PEP measures should also apply to family members and close associates.
Recommendation 16: Wire Transfers
Also known as the Travel Rule, Recommendation 16 requires that countries collect identifying information from the originators and beneficiaries of domestic and cross-border wire transfers in order to create a suitable AML/CFT audit trail. In practice, this involves an exchange of information between parties whenever a transfer takes place, including the submission of names, physical addresses and account numbers. In 2019, the FATF updated the Travel Rule to account for the increasing global use of cryptocurrency. The rule now applies to Virtual Asset Service Providers (VASPs), such as cryptocurrency exchanges and wallets, and subjects them to the same information exchange requirements as conventional financial institutions during transfers of digital funds.
Recommendation 19: Higher Risk Countries
Certain countries represent a higher risk for money laundering and terrorist financing activity. When doing business with persons and entities in these countries, the FATF recommends that financial institutions apply enhanced due diligence measures. In practice, those measures may manifest as enhanced reporting and audit mechanisms, prohibiting new branch and office openings and any reliance on third parties, or the limiting of business relationships within those countries. The FATF also suggests that member-states should put measures in place to advise their financial institutions about the AML/CFT weaknesses of high-risk countries.
Recommendation 20: Reporting of Suspicious Transactions
The FATF recommends that financial institutions report suspicious transactions to the relevant financial intelligence unit promptly. Those transactions specifically involve funds that are suspected to be the proceeds of criminal activities or of being used in the financing of terrorism. In this context ‘criminal activities’ primarily refers to money laundering offenses, criteria for which is set out in FATF Recommendation 3. Suspicious transactions should carry a direct, mandatory reporting obligation, and should be reported regardless of the amount of money involved – even if they do not complete successfully.
Recommendation 15: Virtual Assets
FATF Recommendation 15 concerns New Technologies and has been recently informed by an Interpretive Note on Virtual Assets – essentially meaning cryptocurrencies. The note sets out incoming provisions for the treatment of Virtual Assets by both financial authorities and obliged entities. In more detail, the FATF recommends that countries apply a risk-based AML/CFT approach to those assets, regulate, monitor, and supervise Virtual Asset Service Providers (VASPs), and facilitate information sharing between authorities. VASPs must be licensed and perform standard AML/CFT processes like customer due diligence, PEP screening, reporting and record keeping.